package com.pagoda.nerp.trade.common.component.auth.filter;

import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.authz.AuthorizationFilter;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * Created by Jungle on 2017/1/4.
 */
public class PermissionAuthorizationFilter extends AuthorizationFilter {

    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object o) throws Exception {

        // 权限过滤器 - 没有登录信息的则设置无法登录信息
        Subject subject = getSubject(servletRequest, servletResponse);
        UsernamePasswordToken token = (UsernamePasswordToken) subject.getSession().getAttribute("h5ShiroAuthentication");
        if(token == null || !subject.isAuthenticated()){
            HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
            HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
            httpServletResponse.setHeader("sessionstatus", "timeout");
            System.out.println("======================= isAccessAllowed ===========");
            return false;
        }
        return true;

    }

}
